usb: check usb_hub_to_struct_hub() return value

usb_hub_to_struct_hub() can return NULL in some unlikely cases.
Add checks where appropriate, or pass the hub pointer as an additional
argument if it's known to be valid.

The places it makes sense to check usb_hub_to_struct_hub()
are picked based on feedback from Alan Stern.

Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
index feef9351463d99845a379ee3cdd1cb32b6772a4c..4191db32f12c2ccf4901287c6ccb1a357c9b552a 100644 (file)
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -718,18 +718,18 @@ static void hub_tt_work(struct work_struct *work)
 
 /**
  * usb_hub_set_port_power - control hub port's power state
- * @hdev: target hub
+ * @hdev: USB device belonging to the usb hub
+ * @hub: target hub
  * @port1: port index
  * @set: expected status
  *
  * call this function to control port's power via setting or
  * clearing the port's PORT_POWER feature.
  */
-int usb_hub_set_port_power(struct usb_device *hdev, int port1,
-               bool set)
+int usb_hub_set_port_power(struct usb_device *hdev, struct usb_hub *hub,
+                          int port1, bool set)
 {
        int ret;
-       struct usb_hub *hub = usb_hub_to_struct_hub(hdev);
        struct usb_port *port_dev = hub->ports[port1 - 1];
 
        if (set)
@@ -1769,15 +1769,17 @@ hub_ioctl(struct usb_interface *intf, unsigned int code, void *user_data)
 static int find_port_owner(struct usb_device *hdev, unsigned port1,
                struct dev_state ***ppowner)
 {
+       struct usb_hub *hub = usb_hub_to_struct_hub(hdev);
+
        if (hdev->state == USB_STATE_NOTATTACHED)
                return -ENODEV;
        if (port1 == 0 || port1 > hdev->maxchild)
                return -EINVAL;
 
-       /* This assumes that devices not managed by the hub driver
+       /* Devices not managed by the hub driver
         * will always have maxchild equal to 0.
         */
-       *ppowner = &(usb_hub_to_struct_hub(hdev)->ports[port1 - 1]->port_owner);
+       *ppowner = &(hub->ports[port1 - 1]->port_owner);
        return 0;
 }
 
@@ -5323,7 +5325,8 @@ void usb_set_hub_port_connect_type(struct usb_device *hdev, int port1,
 {
        struct usb_hub *hub = usb_hub_to_struct_hub(hdev);
 
-       hub->ports[port1 - 1]->connect_type = type;
+       if (hub)
+               hub->ports[port1 - 1]->connect_type = type;
 }
 
 /**
@@ -5339,6 +5342,9 @@ usb_get_hub_port_connect_type(struct usb_device *hdev, int port1)
 {
        struct usb_hub *hub = usb_hub_to_struct_hub(hdev);
 
+       if (!hub)
+               return USB_PORT_CONNECT_TYPE_UNKNOWN;
+
        return hub->ports[port1 - 1]->connect_type;
 }
 
@@ -5397,6 +5403,9 @@ acpi_handle usb_get_hub_port_acpi_handle(struct usb_device *hdev,
 {
        struct usb_hub *hub = usb_hub_to_struct_hub(hdev);
 
+       if (!hub)
+               return NULL;
+
        return DEVICE_ACPI_HANDLE(&hub->ports[port1 - 1]->dev);
 }
 #endif

diff --git a/drivers/usb/core/hub.h b/drivers/usb/core/hub.h
index 80ab9ee070171a795a93758a271f96767156e68f..6508e02b3dac91718c31dda7e90b6984fed0c898 100644 (file)
--- a/drivers/usb/core/hub.h
+++ b/drivers/usb/core/hub.h
@@ -100,7 +100,7 @@ extern int usb_hub_create_port_device(struct usb_hub *hub,
                int port1);
 extern void usb_hub_remove_port_device(struct usb_hub *hub,
                int port1);
-extern int usb_hub_set_port_power(struct usb_device *hdev,
+extern int usb_hub_set_port_power(struct usb_device *hdev, struct usb_hub *hub,
                int port1, bool set);
 extern struct usb_hub *usb_hub_to_struct_hub(struct usb_device *hdev);
 extern int hub_port_debounce(struct usb_hub *hub, int port1,

diff --git a/drivers/usb/core/port.c b/drivers/usb/core/port.c
index b8bad294eeb8d168d58a30e92875cb55c1dbbe81..5fd3fee58f8b9ebc746e2e9372da5be94ee478b8 100644 (file)
--- a/drivers/usb/core/port.c
+++ b/drivers/usb/core/port.c
@@ -86,7 +86,7 @@ static int usb_port_runtime_resume(struct device *dev)
        usb_autopm_get_interface(intf);
        set_bit(port1, hub->busy_bits);
 
-       retval = usb_hub_set_port_power(hdev, port1, true);
+       retval = usb_hub_set_port_power(hdev, hub, port1, true);
        if (port_dev->child && !retval) {
                /*
                 * Wait for usb hub port to be reconnected in order to make
@@ -128,7 +128,7 @@ static int usb_port_runtime_suspend(struct device *dev)
 
        usb_autopm_get_interface(intf);
        set_bit(port1, hub->busy_bits);
-       retval = usb_hub_set_port_power(hdev, port1, false);
+       retval = usb_hub_set_port_power(hdev, hub, port1, false);
        usb_clear_port_feature(hdev, port1, USB_PORT_FEAT_C_CONNECTION);
        usb_clear_port_feature(hdev, port1,     USB_PORT_FEAT_C_ENABLE);
        clear_bit(port1, hub->busy_bits);